Information Systems Security Program

Abstract

To limit DOD exposure to Insider SIPRNET data exfiltration threats, the Department must both deter bad behavior by increasing accountability and enforcement, and, implement barriers to data theft while preserving required ease of information sharing amongst authorized users. To accomplish this goal, DISA must accelerate implementation and fielding of three capability sets: •The ability to control and monitor pre-provisioned user access in a manner that cannot be repudiated (e.g. using CAC-enabled PKE Authentication) mitigates insider exfiltration threat by limiting data access and enabling enforcement and accountability •The ability to control and monitor user access based on known attributes about a user such as their organizational affiliation or roles within that organization (i.e. “Attribute Based Access Control” (ABAC)) provides the ability to share information on an ad-hoc basis amongst “unintended, but authorized users” while still limiting data access and enabling enforcement •The ability to enable, monitor and control the authorized transfer of information between SIPRNET and other DOD Networks as required via a globally available and operationally effective cross domain enterprise service solutions Of the three above listed capabilities, DISA has Identified five enhancements to existing programs to accomplish these capabilities. Two of the enhancements, Host Based Security System (HBSS) Audit Extraction Module (AEM) and Cross Domain Enterprise Services (CDES), require further test and evaluation. All testing is anticipated to be completed in FY12.

Open PDF

Document Details

Document Type
Project
Publication Date
Oct 01, 2012
Source ID
IA3_0303140K_7_0400_PB_2012

Tags

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Enterprise Information Systems Architecture and Joint Command Capability Interoperability Support.

Related Documents